-
-
Notifications
You must be signed in to change notification settings - Fork 13.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
python310Packages.pyopenssl: mark broken on aarch64-darwin #172397
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems sensible since it seems it cannot be fixed without upstream work.
I don't think this is a good solution. You don't have to use callbacks in pyopenssl. Marking pyopenssl as broken locks out a ton of packages on aarch64-darwin that were working perfectly fine. 1703 were removed in the latest evaluation: |
There is no reasonable way we can figure out which packages uses callbacks and which not and this could change with every update. Keeping maintainers busy with marking downstream packages broken which happen to use callbacks is also not a great solution or maintainable. Since I am the maintainer I'd rather mark pyopenssl broken on aarch64-darwin because it is not fully working or has proper upstream support. If we find a good solution I am more than happy to add a workaround but I don't have the darwin knowledge or time to find one especially if most likely code changes are required.
I am not fully sure on this one. It could also be that we ignored problematic tests on darwin in other packages which actually where caused by pyopenssl.
762 of them are duplicates between python39 and python310, so only 941 got removed. |
There are plenty of packages with bugs that do not prevent them from being useful. GCC is not marked as broken. I have a package that I've been using without any issues and now it's not available due to pyopenssl being marked as broken. |
@bobrik one direction to look in is to stub out the callbacks with assertions, making it very clear that it's related to that issue when it fails. Such a patchset will require maintenance though, so it's not ideal. Maybe upstream will even accept something like that? Would be useful to be able to backtrack easily instead of having weird crashes. |
Yeah, I am no longer willing to invest time to debug this exact issue in downstream package tests. |
This led to |
pyopenssl has been marked broken on aarch64 which httpie uses so switch to x86 in overlay. NixOS/nixpkgs#172397 • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d59dd43e49f24b58fe8d5ded38cbdf00c3da4dc2' (2022-05-06) → 'github:NixOS/nixpkgs/ff691ed9ba21528c1b4e034f36a04027e4522c58' (2022-05-16) • Updated input 'home-manager': 'github:nix-community/home-manager/538343be863cb0b9e9f1471e6dc09e0e140c7b3d' (2022-05-06) → 'github:nix-community/home-manager/32a7da69dc53c9eb5ad0675eb7fdc58f7fe35272' (2022-05-13)
See: NixOS/nixpkgs#172397, pyca/pyopenssl#87 This is (imo) better than just marking it broken and not letting aarch64-darwin use nix
`pyopenssl` is broken on Apple Silicon and [this PR marks it as broken](NixOS/nixpkgs#172397) (which I think is a little overzealous). [This other pending PR fixes the issue](NixOS/nixpkgs#173809) by making `trustme` an optional dependency for `aiohttp`. While the PR is pending, I've added an overlay to accomplish the same thing — and mark `pyopenssl` as _not_ broken, for now. Additionally, Neovim broke in recent versions of home-manager, for some reason. There's a workaround available [here](nix-community/home-manager#2966 (comment)) and the home-manager maintainers worked quickly to merge a fix in. This unblocks updating all flake dependencies and gets the system config back into working order.
* flake.lock: Update Flake lock file updates: • Updated input 'darwin': 'github:kclejeune/nix-darwin/fff582f3244f31e7455d0c5d93f2e3aa7554da90' (2022-04-20) → 'github:kclejeune/nix-darwin/c9c32574428a3182dcb2bd24ef6c73c974c368ae' (2022-05-20) • Updated input 'devshell': 'github:numtide/devshell/d97df53b5ddaa1cfbea7cddbd207eb2634304733' (2022-04-25) → 'github:numtide/devshell/a5327cd01e58d2848c73062f2661278ad615748f' (2022-05-19) • Updated input 'flake-utils': 'github:numtide/flake-utils/a4b154ebbdc88c8498a5c7b01589addc9e9cb678' (2022-04-11) → 'github:numtide/flake-utils/04c1b180862888302ddfb2e3ad9eaa63afc60cf8' (2022-05-17) • Updated input 'home-manager': 'github:nix-community/home-manager/778af87a981eb2bfa3566dff8c3fb510856329ef' (2022-04-26) → 'github:nix-community/home-manager/02b15de8ad714409358cffdc6ed518ade03402c4' (2022-05-19) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/6b4ebea9093c997c5f275c820e679108de4871ab' (2022-04-21) → 'github:nixos/nixos-hardware/be2b338c6a05b9e46a811119e3c5bca98a118467' (2022-05-20) • Updated input 'nixos-unstable': 'github:nixos/nixpkgs/e10da1c7f542515b609f8dfbcf788f3d85b14936' (2022-04-26) → 'github:nixos/nixpkgs/48037fd90426e44e4bf03e6479e88a11453b9b66' (2022-05-18) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/d146577610c17d7674a2d3e285fc637c520ad344' (2022-04-27) → 'github:nixos/nixpkgs/52dc75a4fee3fdbcb792cb6fba009876b912bfe0' (2022-05-18) • Updated input 'stable': 'github:nixos/nixpkgs/a3917caedfead19f853aa5769de4c3ea4e4db584' (2022-04-26) → 'github:nixos/nixpkgs/685d243d971c4f9655c981036b9c7bafdb728a0d' (2022-05-19) * Patch python and neovim deps `pyopenssl` is broken on Apple Silicon and [this PR marks it as broken](NixOS/nixpkgs#172397) (which I think is a little overzealous). [This other pending PR fixes the issue](NixOS/nixpkgs#173809) by making `trustme` an optional dependency for `aiohttp`. While the PR is pending, I've added an overlay to accomplish the same thing — and mark `pyopenssl` as _not_ broken, for now. Additionally, Neovim broke in recent versions of home-manager, for some reason. There's a workaround available [here](nix-community/home-manager#2966 (comment)) and the home-manager maintainers worked quickly to merge a fix in. This unblocks updating all flake dependencies and gets the system config back into working order. Co-authored-by: flakebot <flakebot@users.noreply.github.com>
pyopenssl is broken on aarch64-darwin NixOS#172397 It's in `extras_require` (optional), and only needed if mTLS feature is enabled (disabled by default) googleapis/google-auth-library-python#697
Pyopenssl is in `extras_require` (optional), and only needed if mTLS feature is enabled (disabled by default) googleapis/google-auth-library-python#697 This will also make google-auth available on aarch64-darwin since pyopenssl is broken NixOS#172397
Pyopenssl is in `extras_require` (optional), and only needed if mTLS feature is enabled (disabled by default) googleapis/google-auth-library-python#697 This will also make google-auth available on aarch64-darwin since pyopenssl is broken NixOS#172397
Description of changes
Closes #172117
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)nixos/doc/manual/md-to-db.sh
to update generated release notes